LiuHua
Feiue
Kevin Hu
commited on
Commit
·
e2f0276
1
Parent(s):
d719333
Add Authorization checks (#2209)
Browse files### What problem does this PR solve?
Add Authorization checks
#2203
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
---------
Co-authored-by: Feiue <[email protected]>
Co-authored-by: Kevin Hu <[email protected]>
- api/apps/kb_app.py +9 -0
api/apps/kb_app.py
CHANGED
|
@@ -100,6 +100,15 @@ def update():
|
|
| 100 |
def detail():
|
| 101 |
kb_id = request.args["kb_id"]
|
| 102 |
try:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 103 |
kb = KnowledgebaseService.get_detail(kb_id)
|
| 104 |
if not kb:
|
| 105 |
return get_data_error_result(
|
|
|
|
| 100 |
def detail():
|
| 101 |
kb_id = request.args["kb_id"]
|
| 102 |
try:
|
| 103 |
+
tenants = TenantService.get_joined_tenants_by_user_id(current_user.id)
|
| 104 |
+
for m in tenants:
|
| 105 |
+
if KnowledgebaseService.query(
|
| 106 |
+
tenant_id=m["tenant_id"], id=kb_id):
|
| 107 |
+
break
|
| 108 |
+
else:
|
| 109 |
+
return get_json_result(
|
| 110 |
+
data=False, retmsg=f'Only owner of knowledgebase authorized for this operation.',
|
| 111 |
+
retcode=RetCode.OPERATING_ERROR)
|
| 112 |
kb = KnowledgebaseService.get_detail(kb_id)
|
| 113 |
if not kb:
|
| 114 |
return get_data_error_result(
|